Palo Alto Networks Knowledgebase: DotW: User-ID for Microsoft Exchange Server Permission Issue

DotW: User-ID for Microsoft Exchange Server Permission Issue

Created On 02/08/19 00:00 AM - Last Updated 02/08/19 00:00 AM
Resolution


This week's discussion focuses on user "SabreAce33", who asked whether Microsoft Exchange Server requires additional permissions when used with User-ID. He is running an agent-based User-ID setup against three Microsoft Active Directory (AD) DCs and two Microsoft Exchange Client Access Servers (CAS). Despite having Event Log Reader permissions, he is unable to get data from the Microsoft Exchange Servers. He can get data from the DCs, but the Microsoft Exchange Servers show either 'connecting' or 'connecting (a required privilege is not held by the agent)'.

 

User "scottsander" confirmed the following two steps are needed to fix the issue.

Because Microsoft Exchange Server is different than Microsoft AD, there are additional steps needed:

  1. Grant the User-ID agent service account 'Enable Account' and 'Remote Access' permissions to the Common Information Model v2 (CIMv2) WMI namespace on the Microsoft Exchange Client Access Servers.
  2. Add the service account to the local 'Event Log Readers' and 'Distributed COM Users' groups on the Microsoft Exchange CAS.
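
To confirm both steps took effect on a given CAS, the following read-only check can be run there in an elevated Windows PowerShell 5.1 session. It is an added example, not part of the original discussion or a Palo Alto Networks tool; the account name `EXAMPLE\svc-userid` is a placeholder, and the group is queried under its built-in name 'Distributed COM Users'.

```powershell
# Added example: read-only verification of the two steps above on one Exchange CAS.
# ASSUMPTION: placeholder account; replace with the real User-ID agent service account.
$Account   = 'EXAMPLE\svc-userid'
$Namespace = 'root\cimv2'
# WMI namespace access-mask bits: WBEM_ENABLE (0x1) and WBEM_REMOTE_ACCESS (0x20).
$Required  = [ordered]@{ 'Enable Account' = 0x1; 'Remote Access' = 0x20 }

function Test-GroupMembership {
    param([string]$Group, [string]$Member)
    # Direct members of the local group, as DOMAIN\name strings.
    $names = Get-LocalGroupMember -Group $Group -ErrorAction Stop | ForEach-Object { $_.Name }
    return $names -contains $Member
}

function Get-NamespaceAllowMask {
    param([string]$Namespace, [string]$Trustee)
    # Read the namespace security descriptor and OR together the allow ACEs
    # granted directly to the trustee. Rights inherited through a group and
    # deny ACEs are not evaluated here.
    $result = Invoke-WmiMethod -Namespace $Namespace -Path '__SystemSecurity=@' -Name GetSecurityDescriptor
    if ($result.ReturnValue -ne 0) { throw "GetSecurityDescriptor failed: $($result.ReturnValue)" }
    $mask = 0
    foreach ($ace in $result.Descriptor.DACL) {
        $name = '{0}\{1}' -f $ace.Trustee.Domain, $ace.Trustee.Name
        if ($ace.AceType -eq 0 -and $name -eq $Trustee) { $mask = $mask -bor $ace.AccessMask }
    }
    return $mask
}

# Step 2: local group membership.
$report = @(foreach ($g in 'Event Log Readers', 'Distributed COM Users') {
    [pscustomobject]@{ Check = "Local group: $g"; Pass = (Test-GroupMembership $g $Account) }
})

# Step 1: permissions on the CIMv2 WMI namespace.
$mask = Get-NamespaceAllowMask $Namespace $Account
$report += foreach ($p in $Required.GetEnumerator()) {
    [pscustomobject]@{ Check = "WMI ${Namespace}: $($p.Key)"; Pass = [bool]($mask -band $p.Value) }
}

$report | Format-Table -AutoSize
```

A `False` on a WMI row only means no direct allow ACE exists for the account; if the permission was granted to a group the account belongs to, pass that group's name as the trustee instead.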

 

To read the entire discussion, see the following link: User-ID for Exchange Permission Issue

 

For more information on this subject, reference the following documents:

 

If you have any additional questions regarding this discussion please leave a comment below. Thank you for your time.

 

Andrea Simon


